
Google Redirecting to spam


20 replies to this topic

#1 Cakemaphoneige


Posted 09 May 2012 - 12:44 AM

Google redirects me to spam sites when I click a search link. I read a few other threads and it seems that this is a common issue.
Any help I can get would be greatly appreciated :)


#2 narenxp


Posted 09 May 2012 - 01:30 AM

Download TDSSKiller.

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the log report (the log file should be in your C drive).

Do not change the default options for scan results unless instructed.


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download aswMBR.

Launch it, and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

Edited by narenxp, 09 May 2012 - 01:44 AM.


#3 Cakemaphoneige


Posted 09 May 2012 - 01:48 AM

Thank you for your help and quick reply.


16:42:15.0046 3308 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:42:16.0406 3308 ============================================================
16:42:16.0406 3308 Current date / time: 2012/05/09 16:42:16.0406
16:42:16.0406 3308 SystemInfo:
16:42:16.0406 3308
16:42:16.0406 3308 OS Version: 5.1.2600 ServicePack: 3.0
16:42:16.0406 3308 Product type: Workstation
16:42:16.0406 3308 ComputerName: SCOTT
16:42:16.0406 3308 UserName: Administrator
16:42:16.0406 3308 Windows directory: C:\WINDOWS
16:42:16.0406 3308 System windows directory: C:\WINDOWS
16:42:16.0406 3308 Processor architecture: Intel x86
16:42:16.0406 3308 Number of processors: 1
16:42:16.0406 3308 Page size: 0x1000
16:42:16.0406 3308 Boot type: Normal boot
16:42:16.0406 3308 ============================================================
16:42:18.0296 3308 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
16:42:18.0312 3308 ============================================================
16:42:18.0312 3308 \Device\Harddisk0\DR0:
16:42:18.0312 3308 MBR partitions:
16:42:18.0312 3308 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x94EEEB9
16:42:18.0312 3308 ============================================================
16:42:18.0343 3308 C: <-> \Device\Harddisk0\DR0\Partition0
16:42:18.0343 3308 ============================================================
16:42:18.0343 3308 Initialize success
16:42:18.0343 3308 ============================================================
16:43:09.0125 0228 ============================================================
16:43:09.0125 0228 Scan started
16:43:09.0125 0228 Mode: Manual; TDLFS;
16:43:09.0125 0228 ============================================================
16:43:09.0609 0228 Aavmker4 (473f97edc5a5312f3665ab2921196c0c) C:\WINDOWS\system32\drivers\Aavmker4.sys
16:43:09.0609 0228 Aavmker4 - ok
16:43:09.0609 0228 Abiosdsk - ok
16:43:09.0625 0228 abp480n5 - ok
16:43:09.0671 0228 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
16:43:09.0687 0228 ACPI - ok
16:43:09.0718 0228 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
16:43:09.0718 0228 ACPIEC - ok
16:43:09.0718 0228 adpu160m - ok
16:43:09.0765 0228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
16:43:09.0781 0228 aec - ok
16:43:09.0812 0228 AegisP (2f7f3e8da380325866e566f5d5ec23d5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
16:43:09.0812 0228 AegisP - ok
16:43:09.0859 0228 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
16:43:09.0859 0228 AFD - ok
16:43:09.0859 0228 Aha154x - ok
16:43:09.0875 0228 aic78u2 - ok
16:43:09.0890 0228 aic78xx - ok
16:43:09.0921 0228 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
16:43:09.0921 0228 Alerter - ok
16:43:09.0953 0228 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
16:43:09.0953 0228 ALG - ok
16:43:09.0953 0228 AliIde - ok
16:43:09.0968 0228 amsint - ok
16:43:10.0046 0228 Apple Mobile Device (018857ead9a077a56aedfc0e5ef7a24a) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:43:10.0046 0228 Apple Mobile Device - ok
16:43:10.0078 0228 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
16:43:10.0093 0228 AppMgmt - ok
16:43:10.0109 0228 asc - ok
16:43:10.0109 0228 asc3350p - ok
16:43:10.0125 0228 asc3550 - ok
16:43:10.0203 0228 aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
16:43:10.0281 0228 aspnet_state - ok
16:43:10.0312 0228 aswFsBlk (0ae43c6c411254049279c2ee55630f95) C:\WINDOWS\system32\drivers\aswFsBlk.sys
16:43:10.0312 0228 aswFsBlk - ok
16:43:10.0343 0228 aswMon2 (8c30b7ddd2f1d8d138ebe40345af2b11) C:\WINDOWS\system32\drivers\aswMon2.sys
16:43:10.0343 0228 aswMon2 - ok
16:43:10.0359 0228 AswRdr (da12626fd9a67f4e917e2f2fbe1e1764) C:\WINDOWS\system32\drivers\AswRdr.sys
16:43:10.0375 0228 AswRdr - ok
16:43:10.0421 0228 aswSnx (dcb199b967375753b5019ec15f008f53) C:\WINDOWS\system32\drivers\aswSnx.sys
16:43:10.0437 0228 aswSnx - ok
16:43:10.0484 0228 aswSP (b32873e5a1443c0a1e322266e203bf10) C:\WINDOWS\system32\drivers\aswSP.sys
16:43:10.0500 0228 aswSP - ok
16:43:10.0531 0228 aswTdi (6ff544175a9180c5d88534d3d9c9a9f7) C:\WINDOWS\system32\drivers\aswTdi.sys
16:43:10.0531 0228 aswTdi - ok
16:43:10.0593 0228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
16:43:10.0593 0228 AsyncMac - ok
16:43:10.0609 0228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
16:43:10.0625 0228 atapi - ok
16:43:10.0625 0228 Atdisk - ok
16:43:10.0656 0228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
16:43:10.0687 0228 Atmarpc - ok
16:43:10.0718 0228 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
16:43:10.0734 0228 AudioSrv - ok
16:43:10.0765 0228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
16:43:10.0765 0228 audstub - ok
16:43:10.0828 0228 avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
16:43:10.0828 0228 avast! Antivirus - ok
16:43:10.0859 0228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
16:43:10.0859 0228 Beep - ok
16:43:10.0937 0228 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
16:43:11.0015 0228 BITS - ok
16:43:11.0093 0228 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files\Bonjour\mDNSResponder.exe
16:43:11.0109 0228 Bonjour Service - ok
16:43:11.0203 0228 Boost Mobile Connect. RunOuc (625c98d60ad5ab1fccbd0e2c0ac0d905) C:\Program Files\Boost Mobile Connect\UpdateDog\ouc.exe
16:43:11.0218 0228 Boost Mobile Connect. RunOuc - ok
16:43:11.0265 0228 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
16:43:11.0265 0228 Browser - ok
16:43:11.0312 0228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
16:43:11.0312 0228 cbidf2k - ok
16:43:11.0328 0228 cd20xrnt - ok
16:43:11.0359 0228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
16:43:11.0375 0228 Cdaudio - ok
16:43:11.0406 0228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
16:43:11.0421 0228 Cdfs - ok
16:43:11.0437 0228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
16:43:11.0437 0228 Cdrom - ok
16:43:11.0453 0228 Changer - ok
16:43:11.0500 0228 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
16:43:11.0500 0228 CiSvc - ok
16:43:11.0531 0228 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
16:43:11.0531 0228 ClipSrv - ok
16:43:11.0593 0228 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:43:11.0656 0228 clr_optimization_v2.0.50727_32 - ok
16:43:11.0656 0228 CmdIde - ok
16:43:11.0671 0228 COMSysApp - ok
16:43:11.0687 0228 Cpqarray - ok
16:43:11.0718 0228 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
16:43:11.0734 0228 CryptSvc - ok
16:43:11.0750 0228 dac2w2k - ok
16:43:11.0750 0228 dac960nt - ok
16:43:11.0796 0228 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:43:11.0828 0228 DcomLaunch - ok
16:43:11.0875 0228 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
16:43:11.0921 0228 Dhcp - ok
16:43:11.0953 0228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
16:43:11.0984 0228 Disk - ok
16:43:12.0015 0228 dmadmin - ok
16:43:12.0218 0228 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
16:43:12.0234 0228 dmboot - ok
16:43:12.0265 0228 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
16:43:12.0281 0228 dmio - ok
16:43:12.0296 0228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
16:43:12.0296 0228 dmload - ok
16:43:12.0343 0228 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
16:43:12.0359 0228 dmserver - ok
16:43:12.0390 0228 dmsmbios (43cb4f8c4c110f06e5b0a1f15787a081) C:\WINDOWS\system32\dmsmbios.sys
16:43:12.0468 0228 dmsmbios - ok
16:43:12.0515 0228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
16:43:12.0515 0228 DMusic - ok
16:43:12.0593 0228 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
16:43:12.0609 0228 Dnscache - ok
16:43:12.0703 0228 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
16:43:12.0734 0228 Dot3svc - ok
16:43:12.0734 0228 dpti2o - ok
16:43:12.0765 0228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
16:43:12.0765 0228 drmkaud - ok
16:43:12.0796 0228 E100B (7d91dc6342248369f94d6eba0cf42e99) C:\WINDOWS\system32\DRIVERS\e100b325.sys
16:43:12.0812 0228 E100B - ok
16:43:12.0906 0228 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
16:43:12.0906 0228 EapHost - ok
16:43:12.0984 0228 EAPPkt (efacd8d57a42a93e244a0dbd357e8cb8) C:\WINDOWS\system32\DRIVERS\EAPPkt.sys
16:43:12.0984 0228 EAPPkt - ok
16:43:13.0046 0228 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
16:43:13.0046 0228 ERSvc - ok
16:43:13.0093 0228 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:43:13.0109 0228 Eventlog - ok
16:43:13.0156 0228 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
16:43:13.0156 0228 EventSystem - ok
16:43:13.0203 0228 ewusbnet (9d12fac081115de17f774f1e5d01e976) C:\WINDOWS\system32\DRIVERS\ewusbnet.sys
16:43:13.0218 0228 ewusbnet - ok
16:43:13.0250 0228 ew_hwusbdev (57c171ea22f0a7f068fcb0caedd1e8e7) C:\WINDOWS\system32\DRIVERS\ew_hwusbdev.sys
16:43:13.0265 0228 ew_hwusbdev - ok
16:43:13.0312 0228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
16:43:13.0328 0228 Fastfat - ok
16:43:13.0406 0228 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
16:43:13.0421 0228 FastUserSwitchingCompatibility - ok
16:43:13.0453 0228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
16:43:13.0453 0228 Fdc - ok
16:43:13.0484 0228 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
16:43:13.0484 0228 Fips - ok
16:43:13.0500 0228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
16:43:13.0500 0228 Flpydisk - ok
16:43:13.0546 0228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
16:43:13.0562 0228 FltMgr - ok
16:43:13.0656 0228 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
16:43:13.0656 0228 FontCache3.0.0.0 - ok
16:43:13.0687 0228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
16:43:13.0687 0228 Fs_Rec - ok
16:43:13.0703 0228 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
16:43:13.0718 0228 Ftdisk - ok
16:43:13.0750 0228 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
16:43:13.0750 0228 GEARAspiWDM - ok
16:43:13.0781 0228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
16:43:13.0796 0228 Gpc - ok
16:43:13.0875 0228 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:43:13.0875 0228 gupdate - ok
16:43:13.0890 0228 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
16:43:13.0890 0228 gupdatem - ok
16:43:13.0937 0228 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
16:43:13.0937 0228 helpsvc - ok
16:43:13.0968 0228 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
16:43:13.0968 0228 HidServ - ok
16:43:13.0984 0228 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
16:43:14.0000 0228 hidusb - ok
16:43:14.0031 0228 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
16:43:14.0046 0228 hkmsvc - ok
16:43:14.0062 0228 hpn - ok
16:43:14.0109 0228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
16:43:14.0109 0228 HTTP - ok
16:43:14.0171 0228 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
16:43:14.0171 0228 HTTPFilter - ok
16:43:14.0234 0228 huadio (09beb1879a809bf4a9f2b892005c88e6) c:\huadio.tmp
16:43:14.0234 0228 huadio - ok
16:43:14.0265 0228 huawei_enumerator (2aeb89aeac08ecd23fc0da3eb4330a29) C:\WINDOWS\system32\DRIVERS\ew_jubusenum.sys
16:43:14.0265 0228 huawei_enumerator - ok
16:43:14.0328 0228 hwdatacard (d276036ebe90a3a2e94aa59c73967f79) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
16:43:14.0328 0228 hwdatacard - ok
16:43:14.0437 0228 HWDeviceService.exe (5ef3427ae503b5c03a48f7c9ff458b69) C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe
16:43:14.0453 0228 HWDeviceService.exe - ok
16:43:14.0468 0228 i2omgmt - ok
16:43:14.0484 0228 i2omp - ok
16:43:14.0500 0228 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
16:43:14.0500 0228 i8042prt - ok
16:43:14.0593 0228 ialm (9a883c3c4d91292c0d09de7c728e781c) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
16:43:14.0640 0228 ialm - ok
16:43:14.0906 0228 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:43:15.0015 0228 idsvc - ok
16:43:15.0093 0228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
16:43:15.0093 0228 Imapi - ok
16:43:15.0125 0228 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
16:43:15.0140 0228 ImapiService - ok
16:43:15.0156 0228 ini910u - ok
16:43:15.0171 0228 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
16:43:15.0171 0228 IntelIde - ok
16:43:15.0203 0228 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
16:43:15.0203 0228 intelppm - ok
16:43:15.0234 0228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
16:43:15.0234 0228 Ip6Fw - ok
16:43:15.0265 0228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
16:43:15.0265 0228 IpFilterDriver - ok
16:43:15.0296 0228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
16:43:15.0296 0228 IpInIp - ok
16:43:15.0328 0228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
16:43:15.0343 0228 IpNat - ok
16:43:15.0437 0228 iPod Service (6351b24dc3cb7dffde917d1276ee166c) C:\Program Files\iPod\bin\iPodService.exe
16:43:15.0453 0228 iPod Service - ok
16:43:15.0484 0228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
16:43:15.0484 0228 IPSec - ok
16:43:15.0500 0228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
16:43:15.0515 0228 IRENUM - ok
16:43:15.0546 0228 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
16:43:15.0546 0228 isapnp - ok
16:43:15.0562 0228 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
16:43:15.0562 0228 Kbdclass - ok
16:43:15.0593 0228 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
16:43:15.0593 0228 kbdhid - ok
16:43:15.0625 0228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
16:43:15.0625 0228 kmixer - ok
16:43:15.0656 0228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
16:43:15.0656 0228 KSecDD - ok
16:43:15.0687 0228 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
16:43:15.0734 0228 lanmanserver - ok
16:43:15.0765 0228 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
16:43:15.0781 0228 lanmanworkstation - ok
16:43:15.0796 0228 lbrtfdc - ok
16:43:15.0828 0228 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
16:43:15.0843 0228 LmHosts - ok
16:43:15.0843 0228 massfilter - ok
16:43:15.0875 0228 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
16:43:15.0875 0228 Messenger - ok
16:43:15.0906 0228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
16:43:15.0906 0228 mnmdd - ok
16:43:15.0953 0228 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
16:43:15.0968 0228 mnmsrvc - ok
16:43:16.0015 0228 MobileAdapter (83c97f6d9feb37af9d785ac099e41a42) C:\WINDOWS\system32\DRIVERS\qscnusb.sys
16:43:16.0093 0228 MobileAdapter - ok
16:43:16.0125 0228 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
16:43:16.0125 0228 Modem - ok
16:43:16.0140 0228 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
16:43:16.0171 0228 Mouclass - ok
16:43:16.0203 0228 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
16:43:16.0203 0228 mouhid - ok
16:43:16.0234 0228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
16:43:16.0234 0228 MountMgr - ok
16:43:16.0312 0228 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:43:16.0312 0228 MozillaMaintenance - ok
16:43:16.0328 0228 mraid35x - ok
16:43:16.0343 0228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
16:43:16.0359 0228 MRxDAV - ok
16:43:16.0421 0228 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
16:43:16.0468 0228 MRxSmb - ok
16:43:16.0500 0228 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
16:43:16.0500 0228 MSDTC - ok
16:43:16.0515 0228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
16:43:16.0515 0228 Msfs - ok
16:43:16.0531 0228 MSIServer - ok
16:43:16.0546 0228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
16:43:16.0562 0228 MSKSSRV - ok
16:43:16.0578 0228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
16:43:16.0578 0228 MSPCLOCK - ok
16:43:16.0609 0228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
16:43:16.0609 0228 MSPQM - ok
16:43:16.0640 0228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
16:43:16.0640 0228 mssmbios - ok
16:43:16.0687 0228 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
16:43:16.0703 0228 Mup - ok
16:43:16.0750 0228 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
16:43:16.0781 0228 napagent - ok
16:43:16.0812 0228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
16:43:16.0828 0228 NDIS - ok
16:43:16.0859 0228 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
16:43:16.0859 0228 NdisTapi - ok
16:43:16.0890 0228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
16:43:16.0906 0228 Ndisuio - ok
16:43:16.0921 0228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
16:43:16.0921 0228 NdisWan - ok
16:43:16.0953 0228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
16:43:16.0968 0228 NDProxy - ok
16:43:16.0984 0228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
16:43:16.0984 0228 NetBIOS - ok
16:43:17.0015 0228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
16:43:17.0031 0228 NetBT - ok
16:43:17.0093 0228 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:43:17.0109 0228 NetDDE - ok
16:43:17.0125 0228 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
16:43:17.0125 0228 NetDDEdsdm - ok
16:43:17.0171 0228 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:43:17.0187 0228 Netlogon - ok
16:43:17.0218 0228 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
16:43:17.0234 0228 Netman - ok
16:43:17.0375 0228 NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:43:17.0375 0228 NetTcpPortSharing - ok
16:43:17.0453 0228 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
16:43:17.0468 0228 Nla - ok
16:43:17.0531 0228 nokia_cs1x_cdc_acm (73b59d848ed1990c2b057a2a67009477) C:\WINDOWS\system32\DRIVERS\nokia_cs1x_cdc_acm.sys
16:43:17.0531 0228 nokia_cs1x_cdc_acm - ok
16:43:17.0578 0228 nokia_cs1x_cdc_ecm (5368006a21f27098f504697d8aa0937f) C:\WINDOWS\system32\DRIVERS\nokia_cs1x_cdc_ecm.sys
16:43:17.0578 0228 nokia_cs1x_cdc_ecm - ok
16:43:17.0609 0228 nokia_cs1x_cpo (c505061912383af9e987c81ecdbd27aa) C:\WINDOWS\system32\DRIVERS\nokia_cs1x_cpo.sys
16:43:17.0609 0228 nokia_cs1x_cpo - ok
16:43:17.0656 0228 nokia_cs1x_dc_enum (559aa470a6efa48caba5c5bf6a0f46fb) C:\WINDOWS\system32\DRIVERS\nokia_cs1x_dc_enum.sys
16:43:17.0671 0228 nokia_cs1x_dc_enum - ok
16:43:17.0687 0228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
16:43:17.0687 0228 Npfs - ok
16:43:17.0734 0228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
16:43:17.0765 0228 Ntfs - ok
16:43:17.0796 0228 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:43:17.0812 0228 NtLmSsp - ok
16:43:17.0859 0228 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
16:43:17.0906 0228 NtmsSvc - ok
16:43:17.0937 0228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
16:43:17.0937 0228 Null - ok
16:43:17.0968 0228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
16:43:17.0968 0228 NwlnkFlt - ok
16:43:17.0984 0228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
16:43:17.0984 0228 NwlnkFwd - ok
16:43:18.0015 0228 OMCI (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
16:43:18.0015 0228 OMCI - ok
16:43:18.0093 0228 ose (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:43:18.0093 0228 ose - ok
16:43:18.0156 0228 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
16:43:18.0156 0228 Parport - ok
16:43:18.0187 0228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
16:43:18.0187 0228 PartMgr - ok
16:43:18.0218 0228 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
16:43:18.0218 0228 ParVdm - ok
16:43:18.0265 0228 PCASp50 (1961590aa191b6b7dcf18a6a693af7b8) C:\WINDOWS\system32\Drivers\PCASp50.sys
16:43:18.0265 0228 PCASp50 - ok
16:43:18.0281 0228 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
16:43:18.0281 0228 PCI - ok
16:43:18.0296 0228 PCIDump - ok
16:43:18.0312 0228 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\drivers\PCIIde.sys
16:43:18.0312 0228 PCIIde - ok
16:43:18.0328 0228 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
16:43:18.0343 0228 Pcmcia - ok
16:43:18.0359 0228 PDCOMP - ok
16:43:18.0359 0228 PDFRAME - ok
16:43:18.0375 0228 PDRELI - ok
16:43:18.0390 0228 PDRFRAME - ok
16:43:18.0390 0228 perc2 - ok
16:43:18.0406 0228 perc2hib - ok
16:43:18.0453 0228 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
16:43:18.0453 0228 PlugPlay - ok
16:43:18.0468 0228 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:43:18.0468 0228 PolicyAgent - ok
16:43:18.0515 0228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
16:43:18.0515 0228 PptpMiniport - ok
16:43:18.0578 0228 PRISMSVC (d5a9221f57656c99248d0b526e077bcf) C:\WINDOWS\system32\PRISMSVC.EXE
16:43:18.0593 0228 PRISMSVC - ok
16:43:18.0609 0228 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:43:18.0609 0228 ProtectedStorage - ok
16:43:18.0625 0228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
16:43:18.0640 0228 PSched - ok
16:43:18.0703 0228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
16:43:18.0703 0228 Ptilink - ok
16:43:18.0734 0228 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
16:43:18.0734 0228 PxHelp20 - ok
16:43:18.0750 0228 ql1080 - ok
16:43:18.0765 0228 Ql10wnt - ok
16:43:18.0765 0228 ql12160 - ok
16:43:18.0781 0228 ql1240 - ok
16:43:18.0796 0228 ql1280 - ok
16:43:18.0828 0228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
16:43:18.0843 0228 RasAcd - ok
16:43:18.0890 0228 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
16:43:18.0906 0228 RasAuto - ok
16:43:18.0937 0228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
16:43:18.0937 0228 Rasl2tp - ok
16:43:18.0984 0228 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
16:43:18.0984 0228 RasMan - ok
16:43:19.0015 0228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
16:43:19.0015 0228 RasPppoe - ok
16:43:19.0031 0228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
16:43:19.0031 0228 Raspti - ok
16:43:19.0046 0228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
16:43:19.0062 0228 Rdbss - ok
16:43:19.0078 0228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
16:43:19.0078 0228 RDPCDD - ok
16:43:19.0109 0228 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
16:43:19.0125 0228 rdpdr - ok
16:43:19.0156 0228 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
16:43:19.0171 0228 RDPWD - ok
16:43:19.0218 0228 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
16:43:19.0218 0228 RDSessMgr - ok
16:43:19.0281 0228 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
16:43:19.0281 0228 redbook - ok
16:43:19.0312 0228 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
16:43:19.0328 0228 RemoteAccess - ok
16:43:19.0359 0228 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
16:43:19.0375 0228 RemoteRegistry - ok
16:43:19.0421 0228 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
16:43:19.0421 0228 RpcLocator - ok
16:43:19.0500 0228 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
16:43:19.0500 0228 RpcSs - ok
16:43:19.0562 0228 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
16:43:19.0578 0228 RSVP - ok
16:43:19.0625 0228 RTLWUSB (691db86b09e13ca5d3e8881141738cc5) C:\WINDOWS\system32\DRIVERS\wg111v2.sys
16:43:19.0640 0228 RTLWUSB - ok
16:43:19.0671 0228 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
16:43:19.0671 0228 SamSs - ok
16:43:24.0203 0228 ============================================================
16:43:24.0203 0228 Scan finished
16:43:24.0203 0228 ============================================================
16:43:24.0234 1112 Detected object count: 0
16:43:24.0234 1112 Actual detected object count: 0
16:46:56.0265 3212 Deinitialize success

#4 Cakemaphoneige

Posted 09 May 2012 - 03:14 AM

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-09 18:12:18
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800BB-75JHC0 rev.06.01C06
Running: l4bdw0ky.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fxtdypow.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\Program Files\Dell Wireless\PRISMCFG.exe[668] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\csrss.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[676] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC
.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002401F8
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002403FC
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00531014
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00530804
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00530A08
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00530C0C
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00530E10
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 005301F8
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 005303FC
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00530600
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00540804
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00540A08
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00540600
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 005401F8
.text C:\Documents and Settings\All Users\Application Data\Boost Mobile Connect\OnlineUpdate\ouc.exe[948] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 005403FC
.text C:\WINDOWS\system32\services.exe[980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\services.exe[980] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\services.exe[980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\services.exe[980] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\services.exe[980] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\services.exe[980] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\services.exe[980] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\services.exe[980] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[992] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\lsass.exe[992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\lsass.exe[992] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\lsass.exe[992] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\lsass.exe[992] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\lsass.exe[992] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\lsass.exe[992] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\lsass.exe[992] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1200] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\svchost.exe[1240] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[1260] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00391014
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00390804
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00390A08
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00390C0C
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00390E10
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003901F8
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003903FC
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00390600
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 003A0804
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 003A0A08
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 003A0600
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003A01F8
.text C:\Documents and Settings\All Users\Application Data\DatacardService\HWDeviceService.exe[1268] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003A03FC
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\PRISMSVC.EXE[1348] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 003903FC
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1360] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 002B1014
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 002B0804
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 002B0A08
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 002B0C0C
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 002B0E10
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 002B01F8
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 002B03FC
.text C:\WINDOWS\system32\svchost.exe[1360] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 002B0600
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\svchost.exe[1360] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002C03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 0192C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 01B5E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] kernel32.dll!MapViewOfFile 7C80B9A5 5 Bytes JMP 01B5E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00DBDC86
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 002D0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!DrawTextExW 7E42B415 5 Bytes JMP 00DBEED3
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 002D0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!DrawTextW 7E42D7E2 5 Bytes JMP 00DBED11
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!SetClipboardData 7E430F9E 5 Bytes JMP 00DBE987
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!SetWindowsHookExA 7E431211 5 Bytes JMP 002D0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!SetWinEventHook 7E4317F7 5 Bytes JMP 002D01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!UnhookWinEvent 7E4318AC 5 Bytes JMP 002D03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!DrawTextA 7E43C702 5 Bytes JMP 00DBEC36
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] USER32.dll!DrawTextExA 7E43C739 5 Bytes JMP 00DBEDEC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] GDI32.dll!TextOutW 77F17EAC 5 Bytes JMP 00DBEB6A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] GDI32.dll!ExtTextOutW 77F18086 5 Bytes JMP 00DBF09E
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] GDI32.dll!CreateDIBSection 77F19E19 5 Bytes JMP 01B5E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] GDI32.dll!TextOutA 77F1BA4F 5 Bytes JMP 00DBEA9E
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] GDI32.dll!ExtTextOutA 77F1D3FA 5 Bytes JMP 00DBEFBA
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] GDI32.dll!GetGlyphIndicesA 77F3DFE3 5 Bytes JMP 00DBF45E
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] GDI32.dll!GetGlyphIndicesW 77F52604 5 Bytes JMP 00DBF52B
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ADVAPI32.dll!SetServiceObjectSecurity 77E36D81 5 Bytes JMP 00E11014
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 5 Bytes JMP 00E10804
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ADVAPI32.dll!ChangeServiceConfigW 77E37001 5 Bytes JMP 00E10A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 5 Bytes JMP 00E10C0C
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 5 Bytes JMP 00E10E10
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ADVAPI32.dll!CreateServiceA 77E37211 5 Bytes JMP 00E101F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ADVAPI32.dll!CreateServiceW 77E373A9 5 Bytes JMP 00E103FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] ADVAPI32.dll!DeleteService 77E374B1 5 Bytes JMP 00E10600
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00DBD7D7
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00DBE8E0
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00DBE455
.text C:\Program Files\Mozilla Firefox\firefox.exe[1488] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 00DBE67C

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[508] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[980] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002
IAT C:\WINDOWS\system32\services.exe[980] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000
IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \FileSystem\Fastfat \Fat ED5E5D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- EOF - GMER 1.0.15 ----

#5 Cakemaphoneige

Cakemaphoneige
  • Topic Starter

  • Members
  • 21 posts

Posted 09 May 2012 - 04:02 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-09 18:13:26
-----------------------------
18:13:26.093 OS Version: Windows 5.1.2600 Service Pack 3
18:13:26.093 Number of processors: 1 586 0x401
18:13:26.093 ComputerName: SCOTT UserName:
18:13:27.906 Initialize success
18:13:31.859 AVAST engine defs: 12050801
18:16:00.187 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
18:16:00.187 Disk 0 Vendor: WDC_WD800BB-75JHC0 06.01C06 Size: 76293MB BusType: 3
18:16:00.218 Disk 0 MBR read successfully
18:16:00.218 Disk 0 MBR scan
18:16:02.156 Disk 0 Windows XP default MBR code
18:16:02.203 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
18:16:04.765 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 64260
18:16:05.656 Disk 0 scanning sectors +156232125
18:16:06.437 Disk 0 scanning C:\WINDOWS\system32\drivers
18:17:22.765 Service scanning
18:18:07.390 Modules scanning
18:19:08.062 Disk 0 trace - called modules:
18:19:08.093 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
18:19:08.093 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8637dab8]
18:19:08.093 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x863c8d98]
18:19:10.609 AVAST engine scan C:\WINDOWS
18:19:29.671 AVAST engine scan C:\WINDOWS\system32
18:19:56.171 File: C:\WINDOWS\system32\certclin.dll **INFECTED** Win32:Suprchu [Adw]
18:30:23.093 AVAST engine scan C:\WINDOWS\system32\drivers
18:31:31.562 AVAST engine scan C:\Documents and Settings\Administrator
18:48:15.390 AVAST engine scan C:\Documents and Settings\All Users
18:49:01.421 Scan finished successfully
19:01:03.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
19:01:03.640 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts

Posted 09 May 2012 - 04:04 AM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan

Click on SHOW results. Select all infections and remove them

Reboot the PC and scan with MBAM once in regular mode until you get a clean log


Download

ESET online scanner


Install it

Click on START; it should download the virus definitions
When the scan gets completed, click on LIST of found threats

Export the list to the desktop, then copy the contents of the text file into your reply

Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#7 Cakemaphoneige

Cakemaphoneige
  • Topic Starter

  • Members
  • 21 posts

Posted 10 May 2012 - 12:28 AM

I scanned with MBAM and no threats were found after 2 scans.

Scan 1


Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.09.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: SCOTT [administrator]

Protection: Enabled

5/10/2012 9:33:22 AM
mbam-log-2012-05-10 (09-33-22).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 250643
Time elapsed: 3 hour(s), 35 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Scan 2

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.10.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Administrator :: SCOTT [administrator]

Protection: Enabled

5/10/2012 2:11:04 PM
mbam-log-2012-05-10 (14-11-04).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 182202
Time elapsed: 13 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

However, the program was constantly blocking some IP


2012/05/10 11:10:43 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:11:45 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:12:45 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:13:45 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:14:45 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:15:45 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:16:45 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:17:45 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:18:45 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:19:46 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:20:46 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:21:46 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:22:46 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:23:46 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:24:46 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:25:47 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:26:47 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:27:47 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:28:47 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:29:47 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:30:48 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:31:48 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:32:48 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:33:49 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:34:49 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:35:49 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:36:50 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:37:50 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:38:51 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:39:51 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:40:51 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:41:52 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:42:52 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:43:52 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:44:53 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:45:53 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:46:53 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:47:54 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:48:54 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:49:54 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:50:55 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:51:55 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:52:55 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:53:55 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:54:56 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:55:56 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:56:56 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:57:57 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:58:58 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 11:59:58 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:00:59 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:02:00 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:03:00 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:04:01 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:05:01 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:06:07 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:07:08 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:08:09 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:09:09 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:10:10 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:11:12 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:12:13 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:13:15 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:14:16 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:15:17 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:16:18 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:17:19 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:18:20 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:19:22 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:20:24 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:21:26 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:22:28 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:23:31 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:24:34 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:25:34 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:26:37 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:27:40 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:28:44 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:29:49 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:30:53 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:31:57 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:32:59 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:34:02 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:35:04 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:36:07 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:37:09 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:38:12 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:39:14 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:40:18 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:41:19 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:42:21 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:43:21 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:44:21 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:45:22 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:46:22 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:47:23 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:48:24 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:49:24 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:50:26 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:51:28 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:52:29 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:53:30 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:54:31 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:55:31 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:56:31 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:57:32 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:58:32 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 12:59:32 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:00:33 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:01:33 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:02:34 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:03:35 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:04:35 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:05:36 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:06:36 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:07:36 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:08:36 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:09:37 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:10:37 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:11:22 +1000 SCOTT Administrator IP-BLOCK 121.10.115.62 (Type: incoming)
2012/05/10 13:54:21 +1000 SCOTT Administrator MESSAGE Starting database refresh
2012/05/10 13:54:21 +1000 SCOTT Administrator MESSAGE Stopping IP protection
2012/05/10 13:54:21 +1000 SCOTT Administrator MESSAGE IP Protection stopped
2012/05/10 13:54:32 +1000 SCOTT Administrator MESSAGE Database refreshed successfully
2012/05/10 13:54:32 +1000 SCOTT Administrator MESSAGE Starting IP protection
2012/05/10 13:55:08 +1000 SCOTT Administrator MESSAGE IP Protection started successfully
2012/05/10 13:55:46 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:56:47 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:57:48 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:58:50 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 13:59:51 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 14:00:53 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 14:01:53 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 14:02:54 +1000 SCOTT Administrator IP-BLOCK 195.88.209.15 (Type: outgoing)
2012/05/10 14:07:12 +1000 SCOTT Administrator MESSAGE Starting protection
2012/05/10 14:07:33 +1000 SCOTT Administrator MESSAGE Protection started successfully

After I restarted after the full scan it stopped blocking it.

Edited by Cakemaphoneige, 10 May 2012 - 12:30 AM.


#8 Cakemaphoneige

Cakemaphoneige
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 10 May 2012 - 12:50 AM

I tried scanning with ESET. It did its install thing, then I clicked start, then it says downloading virus signature database. The percentage bar doesn't even move, then in about 30 seconds it says done, but under the scan report it says: Scanned Files 0, Running Time 00.00.
I don't think it's working?
I tried several times as well.

#9 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  • Gender:Male
  • Location:India
  • Local time:12:15 AM

Posted 10 May 2012 - 01:27 AM

Try to run it in Safe Mode with Networking.

Good luck

#10 Cakemaphoneige

Cakemaphoneige
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:03:15 PM

Posted 10 May 2012 - 06:38 PM

Ok got it working, scanning now...

Edit: This is the threat that was found.

Operating memory a variant of Win32/Ponmocup.AA trojan


Edit 2:

MiniToolBox by Farbar Version: 18-01-2012
Ran by Administrator (administrator) on 11-05-2012 at 10:35:15
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 4

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================


127.0.0.1 localhost

========================= IP Configuration: ================================

HUAWEI Mobile Connect - 3G Network Card = Local Area Connection 7 (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Local Area Connection 7"

set address name="Local Area Connection 7" source=dhcp
set dns name="Local Area Connection 7" source=dhcp register=PRIMARY
set wins name="Local Area Connection 7" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration

Host Name . . . . . . . . . . . . : scott
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-13-20-C0-FB-22

Ethernet adapter Local Area Connection 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HUAWEI Mobile Connect - 3G Network Card
Physical Address. . . . . . . . . : 00-1E-10-1F-4B-6B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 42.241.121.245
Subnet Mask . . . . . . . . . . . : 255.255.255.252
Default Gateway . . . . . . . . . : 42.241.121.246
DHCP Server . . . . . . . . . . . : 42.241.121.246
DNS Servers . . . . . . . . . . . : 211.29.132.12
                                    61.88.88.88
Lease Obtained. . . . . . . . . . : Friday, May 11, 2012 10:35:29 AM
Lease Expires . . . . . . . . . . : Friday, May 11, 2012 12:35:29 PM

Server: dns.mas.optusnet.com.au
Address: 211.29.132.12

Name: google.com
Addresses: 74.125.237.136, 74.125.237.137, 74.125.237.142, 74.125.237.128
74.125.237.129, 74.125.237.130, 74.125.237.131, 74.125.237.132, 74.125.237.133
74.125.237.134, 74.125.237.135

Pinging google.com [74.125.237.142] with 32 bytes of data:

Reply from 74.125.237.142: bytes=32 time=62ms TTL=55
Reply from 74.125.237.142: bytes=32 time=57ms TTL=55

Ping statistics for 74.125.237.142:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 57ms, Maximum = 62ms, Average = 59ms

Server: dns.mas.optusnet.com.au
Address: 211.29.132.12

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:

Reply from 98.139.183.24: bytes=32 time=291ms TTL=48
Reply from 98.139.183.24: bytes=32 time=289ms TTL=48

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 289ms, Maximum = 291ms, Average = 290ms

Server: dns.mas.optusnet.com.au
Address: 211.29.132.12

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 13 20 c0 fb 22 ...... Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
0x10004 ...00 1e 10 1f 4b 6b ...... HUAWEI Mobile Connect - 3G Network Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 42.241.121.246 42.241.121.245 30
42.241.121.244 255.255.255.252 42.241.121.245 42.241.121.245 30
42.241.121.245 255.255.255.255 127.0.0.1 127.0.0.1 30
42.255.255.255 255.255.255.255 42.241.121.245 42.241.121.245 30
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 42.241.121.245 42.241.121.245 20
224.0.0.0 240.0.0.0 42.241.121.245 42.241.121.245 30
255.255.255.255 255.255.255.255 42.241.121.245 2 1
255.255.255.255 255.255.255.255 42.241.121.245 42.241.121.245 1
Default Gateway: 42.241.121.246
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/08/2012 00:28:25 PM) (Source: Application Error) (User: )
Description: Faulting application age2_x1.exe, version 0.7.26.809, faulting module age2_x1.exe, version 0.7.26.809, fault address 0x003cba25.
Processing media-specific event for [age2_x1.exe!ws!]

Error: (04/27/2012 10:53:17 AM) (Source: Application Error) (User: )
Description: Faulting application telstraucm.exe, version 3.1.909.3, faulting module telstraucm.exe, version 3.1.909.3, fault address 0x001bcb96.
Processing media-specific event for [telstraucm.exe!ws!]

Error: (04/27/2012 10:32:30 AM) (Source: Application Error) (User: )
Description: Faulting application telstraucm.exe, version 3.1.909.3, faulting module telstraucm.exe, version 3.1.909.3, fault address 0x001bcb96.
Processing media-specific event for [telstraucm.exe!ws!]

Error: (12/22/2011 02:39:21 PM) (Source: Application Error) (User: )
Description: Faulting application telstraucm.exe, version 3.1.909.3, faulting module telstraucm.exe, version 3.1.909.3, fault address 0x001bcb96.
Processing media-specific event for [telstraucm.exe!ws!]

Error: (11/25/2011 09:36:33 PM) (Source: Application Error) (User: )
Description: Faulting application telstraucm.exe, version 3.1.909.3, faulting module telstraucm.exe, version 3.1.909.3, fault address 0x001bcb96.
Processing media-specific event for [telstraucm.exe!ws!]

Error: (11/25/2011 02:48:16 PM) (Source: Application Error) (User: )
Description: Faulting application telstraucm.exe, version 3.1.909.3, faulting module telstraucm.exe, version 3.1.909.3, fault address 0x001bcb96.
Processing media-specific event for [telstraucm.exe!ws!]

Error: (11/17/2011 06:34:05 PM) (Source: Application Error) (User: )
Description: Faulting application telstraucm.exe, version 3.1.909.3, faulting module telstraucm.exe, version 3.1.909.3, fault address 0x001bcb96.
Processing media-specific event for [telstraucm.exe!ws!]

Error: (11/10/2011 00:17:56 PM) (Source: Application Hang) (User: )
Description: Fault bucket 56040928.

Error: (11/10/2011 00:17:53 PM) (Source: Application Hang) (User: )
Description: Hanging application snes9x.exe, version 1.4.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (11/10/2011 00:17:48 PM) (Source: Application Hang) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.


System errors:
=============
Error: (05/11/2012 08:35:28 AM) (Source: Dhcp) (User: )
Description: The IP address lease 42.241.120.225 for the Network Card with network address 001E101F4B6B has been
denied by the DHCP server 42.241.121.246 (The DHCP Server sent a DHCPNACK message).

Error: (05/11/2012 08:29:58 AM) (Source: Service Control Manager) (User: )
Description: The Boost Mobile Connect. OUC service failed to start due to the following error:
%%1053

Error: (05/11/2012 08:29:58 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Boost Mobile Connect. OUC service to connect.

Error: (05/11/2012 08:09:53 AM) (Source: Service Control Manager) (User: )
Description: The Boost Mobile Connect. OUC service failed to start due to the following error:
%%1053

Error: (05/11/2012 08:09:53 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Boost Mobile Connect. OUC service to connect.

Error: (05/10/2012 03:14:06 PM) (Source: Dhcp) (User: )
Description: The IP address lease 42.241.107.253 for the Network Card with network address 001E101F5396 has been
denied by the DHCP server 114.73.66.177 (The DHCP Server sent a DHCPNACK message).

Error: (05/10/2012 02:08:29 PM) (Source: System Error) (User: )
Description: Error code 1000000a, parameter1 b1f4e000, parameter2 00000005, parameter3 00000001, parameter4 806f78fe.

Error: (05/10/2012 02:07:04 PM) (Source: Service Control Manager) (User: )
Description: The Boost Mobile Connect. OUC service failed to start due to the following error:
%%1053

Error: (05/10/2012 02:07:04 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Boost Mobile Connect. OUC service to connect.

Error: (05/10/2012 09:15:09 AM) (Source: Dhcp) (User: )
Description: The IP address lease 42.241.91.119 for the Network Card with network address 001E101F5BFC has been
denied by the DHCP server 42.241.107.254 (The DHCP Server sent a DHCPNACK message).


Microsoft Office Sessions:
=========================
Error: (05/08/2012 00:28:25 PM) (Source: Application Error)(User: )
Description: age2_x1.exe0.7.26.809age2_x1.exe0.7.26.809003cba25

Error: (04/27/2012 10:53:17 AM) (Source: Application Error)(User: )
Description: telstraucm.exe3.1.909.3telstraucm.exe3.1.909.3001bcb96

Error: (04/27/2012 10:32:30 AM) (Source: Application Error)(User: )
Description: telstraucm.exe3.1.909.3telstraucm.exe3.1.909.3001bcb96

Error: (12/22/2011 02:39:21 PM) (Source: Application Error)(User: )
Description: telstraucm.exe3.1.909.3telstraucm.exe3.1.909.3001bcb96

Error: (11/25/2011 09:36:33 PM) (Source: Application Error)(User: )
Description: telstraucm.exe3.1.909.3telstraucm.exe3.1.909.3001bcb96

Error: (11/25/2011 02:48:16 PM) (Source: Application Error)(User: )
Description: telstraucm.exe3.1.909.3telstraucm.exe3.1.909.3001bcb96

Error: (11/17/2011 06:34:05 PM) (Source: Application Error)(User: )
Description: telstraucm.exe3.1.909.3telstraucm.exe3.1.909.3001bcb96

Error: (11/10/2011 00:17:56 PM) (Source: Application Hang)(User: )
Description: 56040928

Error: (11/10/2011 00:17:53 PM) (Source: Application Hang)(User: )
Description: snes9x.exe1.4.0.0hungapp0.0.0.000000000

Error: (11/10/2011 00:17:48 PM) (Source: Application Hang)(User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000


=========================== Installed Programs ============================

Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.1.0 (Version: 8.1.0)
Age of Empires 2 Gold Edition Online and Everything
Apple Application Support (Version: 1.4.0)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (Version: 2.1.2.120)
Audacity 1.2.6
avast! Free Antivirus (Version: 7.0.1426.0)
Bonjour (Version: 2.0.3.0)
Boost Mobile Connect (Version: 21.005.20.00.620)
CCleaner (Version: 3.12)
Cheat Engine 5.6
Dell ResourceCD
DivX Setup (Version: 2.1.2.2)
ESET Online Scanner v3
Google Chrome (Version: 18.0.1025.168)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.111)
HandBrake 0.9.5 (Version: 0.9.5)
Intel® Extreme Graphics 2 Driver (Version: 6.14.10.4396)
Intel® PRO Network Adapters and Drivers
iTunes (Version: 10.1.0.54)
Junk Mail filter update (Version: 14.0.8117.416)
K-Lite Codec Pack 6.4.0 (Basic) (Version: 6.4.0)
LAME v3.98.2 for Audacity
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 12.0 (x86 en-US) (Version: 12.0)
Mozilla Maintenance Service (Version: 12.0)
MSVCRT (Version: 14.0.1468.721)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Optus Mini WiFi Modem (Version: TOOL-ConnLaucher_WIN1.01.01.74)
Optus Mobile Broadband (Version: 1.2.231.3)
Optus Mobile Broadband (Version: 11.300.05.18.74)
PC Suite (Version: 12.08.217)
PokerStars
PokerStars.net
QuickTime (Version: 7.68.75.0)
Redtube Video Downloader 3.27
Segoe UI (Version: 14.0.4327.805)
SoundMAX (Version: 5.12.01.7000)
TunerPro v5.00
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676-v2) (Version: 2)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB 2.0 Wireless LAN Card Utility (Version: 8.1.55)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
VLC media player 1.1.4 (Version: 1.1.4)
WebFldrs XP (Version: 9.50.7523)
WG111v2 Configuration Utility (Version: 1.00)
Windows Driver Package - 2Wire (2WIREPCP) Net (09/18/2002 1.4.0.5) (Version: 09/18/2002 1.4.0.5)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinOLS 1.500
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 45%
Total physical RAM: 1021.98 MB
Available physical RAM: 556.75 MB
Total Pagefile: 2464.71 MB
Available Pagefile: 2134.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1980.38 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:74.47 GB) (Free:33.35 GB) NTFS
3 Drive e: (Boost Mobile) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS

========================= Users: ========================================

User accounts for \\SCOTT

Administrator Guest HelpAssistant
SUPPORT_388945a0


**** End of log ****

Edited by Cakemaphoneige, 10 May 2012 - 07:38 PM.


#11 narenxp


Posted 10 May 2012 - 07:42 PM

Re-run aswMBR and post the new log.

#12 Cakemaphoneige


Posted 10 May 2012 - 07:50 PM

Should I remove any threats found with aswMBR?

#13 narenxp


Posted 10 May 2012 - 07:50 PM

No, just post the new log.

#14 Cakemaphoneige


Posted 10 May 2012 - 08:38 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-11 10:48:06
-----------------------------
10:48:06.921 OS Version: Windows 5.1.2600 Service Pack 3
10:48:06.921 Number of processors: 1 586 0x401
10:48:06.921 ComputerName: SCOTT UserName:
10:48:10.156 Initialize success
10:48:15.390 AVAST engine defs: 12050901
10:48:36.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
10:48:36.203 Disk 0 Vendor: WDC_WD800BB-75JHC0 06.01C06 Size: 76293MB BusType: 3
10:48:36.218 Disk 0 MBR read successfully
10:48:36.218 Disk 0 MBR scan
10:48:38.343 Disk 0 Windows XP default MBR code
10:48:38.375 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 31 MB offset 63
10:48:40.984 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 76253 MB offset 64260
10:48:41.953 Disk 0 scanning sectors +156232125
10:48:42.984 Disk 0 scanning C:\WINDOWS\system32\drivers
10:49:36.875 Service scanning
10:50:18.390 Modules scanning
10:50:38.656 Disk 0 trace - called modules:
10:50:38.687 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys
10:50:39.062 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86392ab8]
10:50:39.062 3 CLASSPNP.SYS[f74d7fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8637cb00]
10:50:40.375 AVAST engine scan C:\WINDOWS
10:50:48.156 AVAST engine scan C:\WINDOWS\system32
10:51:05.765 File: C:\WINDOWS\system32\certclin.dll **INFECTED** Win32:Suprchu [Adw]
10:56:49.781 AVAST engine scan C:\WINDOWS\system32\drivers
10:57:18.000 AVAST engine scan C:\Documents and Settings\Administrator
11:07:12.756 AVAST engine scan C:\Documents and Settings\All Users
11:07:48.256 Scan finished successfully
11:34:34.881 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
11:34:34.897 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#15 narenxp


Posted 10 May 2012 - 09:22 PM

Press the Windows + R keys, type cmd and click OK, then run these commands:

cd C:\WINDOWS\system32
attrib -s -h -r certclin.dll
del certclin.dll


Let me know if it shows errors

Good luck

Edited by narenxp, 10 May 2012 - 09:22 PM.
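
Added example, not part of the original posts: a small Python triage of the aswMBR log in post #14, showing how the single **INFECTED** line leads to the file named in the commands above while the MBR itself is reported as default code. The regular expressions are modelled only on the line formats visible in that log; other aswMBR message formats are an assumption and are not covered.

```python
import re
from ntpath import basename  # Windows path rules, usable on any host OS

# Excerpt of the aswMBR log posted in this thread (post #14)
SAMPLE_LOG = r"""
10:48:36.218 Disk 0 MBR scan
10:48:38.343 Disk 0 Windows XP default MBR code
10:50:48.156 AVAST engine scan C:\WINDOWS\system32
10:51:05.765 File: C:\WINDOWS\system32\certclin.dll **INFECTED** Win32:Suprchu [Adw]
10:56:49.781 AVAST engine scan C:\WINDOWS\system32\drivers
11:07:48.256 Scan finished successfully
"""

LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
INFECTED = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")


def triage(log_text):
    """Return detections, per-disk MBR verdicts and whether the scan completed."""
    report = {"detections": [], "mbr": {}, "finished": False}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # banner lines and blanks carry no timestamp
        stamp, msg = m.groups()
        hit = INFECTED.match(msg)
        if hit:
            path, name = hit.groups()
            report["detections"].append(
                {"time": stamp, "path": path, "file": basename(path), "name": name})
        mbr = MBR_CODE.match(msg)
        if mbr:
            report["mbr"][int(mbr.group(1))] = mbr.group(2)
        if msg == "Scan finished successfully":
            report["finished"] = True  # an aborted scan would make the findings incomplete
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for d in result["detections"]:
        print(f'{d["time"]}  {d["path"]}  ->  {d["name"]}')
    print("MBR:", result["mbr"], "finished:", result["finished"])
```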




